CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Ransomware·Data Breaches

Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack

The media company admitted that cybercriminals attempted to extort a payment after stealing personal information. The post Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack appeared first on SecurityWeek.

Washington Post Oracle hack

The Washington Post says nearly 10,000 individuals are affected by a data breach stemming from a cyberattack on its Oracle E-Business Suite (EBS) instance. 

A threat actor associated with the use of the Cl0p ransomware, presumably a cluster of a group tracked as FIN11, targeted the Oracle EBS instances of dozens of organizations through the exploitation of zero-day vulnerabilities

The attacks came to light in early October when the hackers attempted to extort victims. More than 40 organizations that refused to pay a ransom have been listed to date on the Cl0p leak website, including The Washington Post.

Roughly 180 GB of archive files allegedly storing data stolen from the newspaper have been made public through the Cl0p leak website. 

In a filing with the Maine Attorney General’s Office, The Washington Post said the attackers stole the personal information of 9,720 current and former employees and contractors. 

Compromised data includes names, bank account numbers and routing numbers, Social Security numbers, and tax ID numbers. 

The media company said it was contacted by the threat actor on September 29. An investigation showed that the hackers accessed data between July 10 and August 22.

The disclosure confirms previous reports that exploitation of the Oracle EBS vulnerabilities may have started as early as July, months before the patches were released.

The Washington Post is among the few organizations named on the Cl0p website that have confirmed being impacted by the Oracle EBS campaign. 

Confirmed victims also include Hitachi subsidiary GlobalLogic, Harvard University, and American Airlines subsidiary Envoy Air. Other major companies have yet to confirm impact, either because their investigations are ongoing or because they are trying to maintain a low profile.

*total size of files made available by hackers updated from 120 GB to 180 GB

Related: NHS Investigating Oracle EBS Hack Claims

Related: Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack

Related: Akira Ransomware Group Made $244 Million in Ransom Proceeds

Latest News

CYBERNEWSMEDIAPublisher